Open letter on the security of the European Parliament’s digital infrastructure after the Wannacry attack
Monday, 22 May 2016
Dear President Tajani,
Dear Secretary General Klaus Welle,
The recent ‘Wannacry’ ransomware attack has again highlighted the need for using the most up-to-date software to secure our communications and our data.
We are concerned that MEPs and their staff cannot update the Internet Browsers they are using on the computers that are provided by the Parliament, nor are they able to update its main operating Windows Operating System, or its Windows Office software.
Currently the Parliament computers are equipped with Windows 7 Enterprise, Internet Explorer 11, Firefox 45.6.0 and Microsoft Office Professional Plus 13, version 6.1.7601, by default. These are all outdated versions of widely used products, which leaves our data and communications vulnerable to outside attacks. Currently only system administrators can update these programmes.
Given the fact that the Wannacry worm is especially targeting computers that are using Windows 7, and given the fact that the worm is modified, reused and upgraded, we would like to know which measures have been taken to address these vulnerabilities.
Equally, we want to point out that more can be done to educate Members and Staff about the risks of not using secure communication technologies. This leaves our mobile phone calls, text messages and e-mails vulnerable to interception by foreign governments and other adversaries. The Parliament should further facilitate the uptake of using encrypted communications. We must ensure that we can securely and confidentially interact among ourselves, and that those outside the Parliament who wish to connect with us can do this safely as well.
Heinz K. Becker
Izaskun Bilbao Barandica
Cora Van Nieuwenhuizen